Sep 8, 2010 20:28 GMT

Apple has released iOS 4.1, a major update to its iPhone and iPod touch firmware, which fixes numerous security vulnerabilities of critical impact.

There are a total of 24 security issues addressed in iOS 4.1, 19 of which can be exploited to execute arbitrary code on the target devices.

Most of the remote code execution flaws are located in the WebKit browser engine, but two affect the ImageIO component and can be attacked via maliciously crafted TIFF and GIF images.

Furthermore, two other bugs are located outside of WebKit and they affect the user interface and the FaceTime feature.

In addition to the arbitrary code execution flaws, some other types of bugs have also been fixed in WebKit.

These include a clipboard hijacking bug, an information disclosure weakness, and a flaw reported by a Google engineer that can lead to clickjacking-like attacks.

"If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred." "A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase," Apple explains about the latter in its security advisory.

In addition to the large batch of security patches, iOS 4.1 also brings many other enhancements and new features.

However, the notorious iPhone jailbreakers from Dev-Team warn users against installing it, as it might break unlockers and other hacks.

"Today you’ll likely start seeing iTunes innocently offer you a new version of iOS…version 4.1. Don’t accept it…it’s a trap!" the team warns on its official blog.

"Please stay away from this 4.1 release until a safe jailbreak procedure (which also preserves ultrasn0w) is developed and released," they advise.

Jailbreaking is a controversial practice, which allows users to run code that hasn't been approved by Apple on their phones.

However, some security experts have repeatedly expressed concern that doing this significantly decreases the security of the devices and allows malware to run on them.